Hi Andrew,

Say the message sender is Alice. The server is Bob.

When Alice sends a SOAP message, Alice will expect the response. Alice
cannot change into "Kate" within the message receiving time. Therefore
Alice is the same for message inflow/outflow at the client side.

At the server side Bob is Bob for inflow/outflow.

But if Bob wants to send Alice a UsernameToken, then in services.xml,
inside <RampartConfig>, he should say <ramp:user> is Bob and specify the
correct policy.

When the message with the UT is received by Alice, Rampart will be
invoked on the message inflow of the client side. The UsernameToken will
be validated using the password callback handler. If the password
callback handler puts the correct password, it should work.

Rampart can load only one policy for message inflow/outflow at the client
side. The same goes for the server side. You cannot load different
policies for message inflow and outflow in a straightforward manner.

Cheers,
Dimuthu  



On Wed, 2007-07-25 at 01:28 -0700, Andrew Fielden wrote: 
> Thanks Dimuthu. My question was about UsernameToken, not Basic
> Authentication, but specifically its use with a WS Policy.
> I've looked at the samples/policy/sample01/policy.xml file (below), and
> have a question about this: The 'RampartConfig' section of the policy
> specifies only one user. What happens if the inflow/outflow users are
> different? Does the ramp:user refer to the inflow user or the outflow
> user?
> 
> 
> <wsp:Policy wsu:Id="UTOverTransport"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:TransportToken>
>             <wsp:Policy>
>               <sp:HttpsToken RequireClientCertificate="false"/>
>             </wsp:Policy>
>           </sp:TransportToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Lax/>
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp/>
>         </wsp:Policy>
>       </sp:TransportBinding>
>       <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
>         </wsp:Policy>
>       </sp:SignedSupportingTokens>
>
>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>         <ramp:user>alice</ramp:user>
>         <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
>       </ramp:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> 
> 
> 
> > -----Original Message-----
> > From: Dimuthu [mailto:[EMAIL PROTECTED]
> > Sent: 25 July 2007 04:13
> > To: [email protected]
> > Subject: Re: Using a different user for inflow/outflow basic authentication in ws-policy
> > 
> > 
> > Hi Andrew,
> > 
> > HTTP Basic Auth is different from UsernameToken.
> > 
> > This is how you handle HTTP Basic Auth [1]
> > 
> > UsernameToken can be added in two ways, i.e. by using policy or
> > inflow/outflow configs.
> > 
> > If you want to use policy please refer
> > samples/policy/sample01/policy.xml.
> > 
> > If you want to use inflow/outflow config please refer
> > samples/basic/sample02. Here is a good article about it[2]
> > 
> > 
> > Regards,
> > Dimuthu
> > 
> > 
> > [1]
> > HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
> > auth.setPreemptiveAuthentication(true);
> > auth.setAuthSchemes(authSchemes);
> > auth.setUsername("username");
> > auth.setPassword("password");
> > Options options = serviceClient.getOptions();
> > options.setProperty(HTTPConstants.AUTHENTICATE, auth);
> > serviceClient.setOptions(options);
> > 
> > [2]http://wso2.org/library/240
> > 
> > 
> > On Tue, 2007-07-24 at 06:01 -0700, Andrew Fielden wrote:
> > > Hi,
> > >
> > > I'm trying to use a WS Policy file with Rampart. If I wish to enable
> > > basic authentication for outflow, the RampartConfig section of the
> > > ws-policy will look like this:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> > >     <wsp:ExactlyOne>
> > >         <wsp:All>
> > >             <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> > >                 <ramp:user>alice</ramp:user>
> > >                 <ramp:passwordCallbackClass>InboundPWCallbackHandler</ramp:passwordCallbackClass>
> > >             </ramp:RampartConfig>
> > >         </wsp:All>
> > >     </wsp:ExactlyOne>
> > > </wsp:Policy>
> > >
> > >
> > > My question is, suppose I wish to specify a user for basic
> > > authentication Inflow. How do I differentiate between usernames for
> > > basic authentication in both directions (inflow and outflow)?
> > > There is only one ramp:user element.
> > >
> > > Thanks.
> > > Andrew.
> > >
> > >
> 
